PaulDotCom mailing list archives
Kon-Boot on a USB
From: trklisted at networksamurai.org (mOses)
Date: Wed, 8 Jul 2009 23:17:32 -0400
Well I can tell you that it will work against Active Directory accounts; HOWEVER, when you read the documentation and in your testing, what you'll find is that since the credentials entered do not match the Active Directory network credentials you don't have access to network resources. It would seem to me that what this does is that it will patch the system in memory in order to tell the local system service (or winlogon) that your username did match what was in the LSASS process (or something to that).

Now what I was trying to prove was that it will work when WIL (Windows Integrated Login; meaning no actual password prompt in the FDE/WDE in Pointsec is required).

Now secondly and more interestingly, I tested this on an encrypted Debian system by entering the decryption password (which is different than root) and it worked! (kon-usr was able to log in!)

So basically COLD-BOOT attack against LUKS + Kon-Boot on Ubuntu/Debian will work.... scary.

M

On Jul 8, 2009, at 10:27 PM, PJ Velasco wrote:
I use PGP Desktop 9.10 full disk encryption on a Windows XP SP3 laptop and it did not work because I got the PGP prompt to unlock the disk after the initial KonBoot splash screen. I entered my PGP password to continue the boot process, but I had to enter my actual Windows credentials at the Windows login screen to successfully log in, so no go even if someone knows the PGP password.

I also have an Ubuntu 9.10 laptop running disk encryption and the result was just like the PGP result. I successfully got it to work on a Debian system (VMware guest), but not my Fedora Core system (again VMware guest).

Very sweet tool. I showed all the guys at work and they loved it. Tomorrow we are going to see if it will work with an Active Directory account. I have only tested with local accounts.

On Wed, Jul 8, 2009 at 9:16 PM, mOses <trklisted at networksamurai.org> wrote:

Just wanted to put my 2 cents on testing for everyone on the list interested.

Kon-Boot on a Windows XP SP3 box w/ TrueCrypt WDE (FDE) did not work. Gave me an error about the BIOS being too big and that it wanted me to change the motherboard(?)

Kon-Boot on a Windows Vista Business running PointSec for PC (server/client edition) with Windows Integrated Login (which I don't enjoy having) did not work either. Dies right before the OS loads. Irongeek USB Boot did not work at all on that box; it hung at a place before that (loading the Pointsec system).

Anyone else try with Bitlocker or another type of FDE/WDE like PGP enterprise?
I think the author can fix these issues, or if he opens the source someone else may do it, although it was all written in TASM32 so probably only those who remember what TSR programs were can do it :)

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com